File dba-nginx-1261-modsec.spec of Package dba-nginx-1261-modsec
%define real_name nginx
%define version 1.26.1
%define vers 1261
%define prefix /DBA/apache/NGX/%{version}-modsec
%define gemname passenger
%define gemvers 5.0.30
%define sslvers 3.0.14
%define modsecnginxvers 1.0.3
%define with_ajp 0
%define with_lua 0
%define with_perl 1
%define with_pgspeed 0
# # %define pgspeed_vers 1.11.33.0
# # %define pgspeed_dir ngx_pagespeed-%{pgspeed_vers}-beta
%define pgspeed_vers 1.13.35.2
%define pgspeed_dir ngx_pagespeed-%{pgspeed_vers}-stable
%define with_ruby 0
%define with_stream 1
%define with_websockify 1
%define with_slowfs 0
%define with_modsec 1
Name: dba-nginx-%{vers}-modsec
Summary: A HTTP server and IMAP/POP3 proxy server 1.26.1 with mod_security
Version: %{version}
Release: 1
AutoReqProv: on
License: BSD-Source-Code
Group: Productivity/Networking/Web/Proxy
Url: http://nginx.org/
Source: http://nginx.org/download/nginx-%{version}.tar.gz
Source1: nginx.init
#Source2: nginx-upload-progress-module-0.9.2.tar.gz
Source2: nginx-upload-progress-module-feature-nginx-v1.23.tar.gz
Source3: nginx-upstream-fair.tar.gz
Source4: http://nginx.org/download/nginx-%{version}.tar.gz.asc
Source5: ngx_cache_purge-2.3.tar.gz
# From http://nginx.org/en/pgp_keys.html
Source6: nginx.keys
# Source7: https://github.com/yaoweibin/nginx_upstream_check_module/archive/v0.3.0.tar.gz
Source7: https://github.com/yaoweibin/nginx_upstream_check_module/archive/master.zip
Source8: https://github.com/pagespeed/ngx_pagespeed/archive/v%{pgspeed_vers}-stable.tar.gz
Source9: http://rubygems.org/downloads/%{gemname}-%{gemvers}.gem
Source10: dba-nginx-rpmlintrc
Source11: ngx_log_if.tgz
Source12: nginx_accept_language_module.tgz
Source13: http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
Source14: http://www.openssl.org/source/openssl-%{sslvers}.tar.gz
Source15: ngx_slowfs_cache-master.tgz
# Source16: lua-nginx-module-0.10.8.tar.gz
# # Source16: https://github.com/openresty/lua-nginx-module/archive/ca8ed0e8cd746c41450b14abff5e40d8f713ccc9.zip
Source16: https://github.com/openresty/lua-nginx-module/archive/v0.10.13.tar.gz
Source17: set_nginx_1.26.latest-modsec.sh
Source18: http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz
Source19: headers-more-nginx-module-0.34.tar.gz
Source20: filter-requires-nginx.sh
# Source21: https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/1.2.6.tar.gz
Source21: https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/08a395c66e42.zip
Source22: https://dl.google.com/dl/page-speed/psol/%{pgspeed_vers}-x64.tar.gz
Source23: https://github.com/tg123/websockify-nginx-module/archive/v0.0.3.tar.gz
#GeoIP2 https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz
Source24: GeoLite2-Country.mmdb.gz
Source25: ngx_http_geoip2_module.tar.gz
#modsecurity
Source26: https://github.com/SpiderLabs/ModSecurity-nginx/releases/download/v%{modsecnginxvers}/modsecurity-nginx-v%{modsecnginxvers}.tar.gz
Source27: filter-provides-nginx.sh
# sign key from new developer. is missing in source6 nginx.keys
Source28: thresh.key
Source29: arut.key
Source30: pluknet.key
Patch1: nginx-remove-werror.patch
Patch2: nginx-geoip.patch
Patch3: nginx-geoip2.patch
# Patch4: openssl.sles11.patch
# Patch5: https://github.com/yaoweibin/nginx_upstream_check_module/blob/master/check_1.9.2+.patch
# Patch5: https://github.com/yaoweibin/nginx_upstream_check_module/blob/master/check_1.11.5+.patch
# Patch5: https://github.com/yaoweibin/nginx_upstream_check_module/blob/master/check_1.12.1+.patch
# Patch5: https://github.com/yaoweibin/nginx_upstream_check_module/blob/master/check_1.16.1+.patch
Patch5: https://github.com/yaoweibin/nginx_upstream_check_module/blob/master/check_1.20.0+.patch
#Patch6: upstream_fair_default_port_remove.patch
Patch7: ngx_conf_multi.patch
#Patch8: nginx-upload-progress-module-124+.patch
Patch9: nginx-sticky-module-ng.patch
#
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define _use_internal_dependency_generator 0
%define __find_requires %{SOURCE20}
%define __find_provides %{SOURCE27}
#!BuildIgnore: dba-openssl-098o dba-openssl-098r dba-openssl-098x dba-openssl-101c dba-openssl-101e dba-openssl-101f
#!BuildIgnore: dba-libxml2-290
#!BuildIgnore: nspr dba-geoip-148 dba-geoip-160 dba-git-2191
BuildRequires: unzip gnupg
BuildRequires: pkgconfig zlib-devel dos2unix patch openssl-devel
BuildRequires: libxslt-devel libaio-devel libxml2-devel
BuildRequires: gcc-c++ pcre-devel
#!BuildIgnore: pcre2-devel
%if 0%{?rhel_version} || 0%{?centos_version}
BuildRequires: perl-IPC-Cmd
%endif
Requires: libxslt
%if 0%{?rhel_version} >= 401
%define with_ruby 0
%endif
%if 0%{?sles_version} == 10
%define with_ruby 0
%endif
%if 0%{?suse_version} >= 1300
%define with_ruby 0
%endif
%if 0%{?centos_version} >= 501 && 0%{?centos_version} < 600
%define with_ruby 0
%endif
%if 0%{?centos_version} >= 700
%define with_ruby 0
%endif
%if 0%{?centos_version} >= 700 || 0%{?rhel_version} >= 700
%define with_pgspeed 0
%endif
%if %{with_ruby}
BuildRequires: rubygem-rake gcc-c++ libstdc++-devel curl-devel ruby-devel
%define ruby_gemdir %(ruby -rubygems -e 'puts Gem::dir' 2>/dev/null)
%define ruby_sitearchdir %(ruby -rrbconfig -e "puts Config::CONFIG['sitearchdir']")
%endif
%if 0%{?fedora_version}
%define with_ruby 0
%endif
# %if 0%{?fedora_version} || 0%{?suse_version} >= 1201
%if 0%{?fedora_version}
%define with_geoip 0
%define with_geoip2 0
%else
%define with_geoip 1
%define with_geoip2 1
%endif
%if 0%{?rhel_version} >= 600
# gd-devel is optional in rhel6
%define with_gd 0
%else
%define with_gd 1
%endif
%if 0%{?sles_version} == 9
%define with_gd 0
%endif
%if 0%{?sles_version} >= 9
%define with_aio 0
%else
%define with_aio 1
%endif
# aio not compiling for CentOS5 i586 environment
%if 0%{?centos_version} >= 501 && 0%{?centos_version} < 600
%ifarch %ix86
%define with_aio 0
%endif
%endif
%if 0%{?rhel_version} == 406
%define with_aio 0
%define with_lua 0
%endif
%if %{with_lua}
BuildRequires: dba-lua-515-static
%define luadir /DBA/lua/5.1.5
%endif
%if %{with_gd}
BuildRequires: gd-devel fontconfig
%if 0%{?centos_version} >= 700 && 0%{?centos_version} < 900
BuildRequires: bitmap-console-fonts
%endif
%endif
%if %{with_perl}
BuildRequires: perl(ExtUtils::Embed)
%endif
%if %{with_geoip}
BuildRequires: dba-geoip-163-static
%define geodir /DBA/geoip/1.6.3
%endif
%if %{with_geoip2}
BuildRequires: dba-libmaxminddb-160-static
%define libmaxminddbdir /DBA/libmaxminddb/1.6.0
%endif
%if %{with_modsec}
BuildRequires: dba-modsecurity-3010
%define modsecuritydir /DBA/modsecurity/3.0.10
%endif
%if 0%{?suse_version}
Requires: pwdutils
BuildRequires: pwdutils
%else
Requires: passwd
BuildRequires: passwd
%endif
%if 0%{?suse_version} >= 1100
BuildRequires: -post-build-checks
%endif
%description
nginx [engine x] is a HTTP server and IMAP/POP3 proxy server written by Igor Sysoev.
It has been running on many heavily loaded Russian sites for more than two years.
Authors:
--------
Igor Sysoev
%if %{with_ruby}
%package ruby
Summary: Ruby files for passenger module
Group: Productivity/Networking/Web/Proxy
Requires: %{name} = %{version}
Requires: ruby
%description ruby
Ruby files for passenger module
%endif
%prep
# gpg --recv-keys 33CFC8B3
gpg --import %{S:6}
gpg --import %{S:28}
gpg --import %{S:29}
gpg --import %{S:30}
gpg --verify %{S:4}
%setup -n %{real_name}-%{version} -a 2 -a 3 -a 5 -a 7 -a 8 -a 11 -a 12 -a 14 -a 16 -a 19 -a 21 -a 22 -a 23 -a 25 -a 26
dos2unix contrib/geo2nginx.pl
# Remove -Werror flag due to compile errors with -Wunused-function and -Wunused-variable
# %{__perl} -pi.orig -e 's|-Werror||g' auto/cc/*
%{__chmod} +x %{SOURCE20}
%{__chmod} +x %{SOURCE27}
%if %{with_pgspeed}
mv -v ./psol ./%{pgspeed_dir}/
%patch7 -p0
%endif
%if %{with_geoip}
%patch2 -p0
%endif
%if %{with_geoip2}
%patch3 -p0
%endif
%if %{with_ruby}
%if 0%{?sles_version} <= 11
pushd ../
gem unpack %{SOURCE9}
popd
%else
gem unpack %{SOURCE9} --target %{_builddir}
%endif
%endif
%if 0%{?suse_version} || 0%{?fedora_version}
%patch1 -p1
%endif
# %if %{with_ajp}
# patch -p1 < ./nginx_ajp_module/ajp.patch
# %endif
# pushd ./nginx-upstream-fair
# patch -p1 < ../nginx_upstream_check/upstream_fair.patch
# popd
# see https://github.com/yaoweibin/nginx_upstream_check_module
# patch -p1 < ./nginx_upstream_check/check_1.5.12+.patch
# patch -p1 < ./nginx_upstream_check/check_1.7.5+.patch
%if 0%{?sles_version} == 11
# # %patch4 -p0
%endif
# patch -p1 < ./nginx_upstream_check_module-0.3.0/check_1.7.2+.patch
%patch5 -p0
#%patch8 -p0
%patch9 -p0
pushd ./nginx-upstream-fair
# patch -p1 < ../nginx_upstream_check_module-0.3.0/upstream_fair.patch
#patch -p1 < ../nginx_upstream_check_module-master/upstream_fair.patch
#popd
#%patch6 -p0
# pushd ./nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d
# patch -p1 < ../nginx_upstream_check_module-0.3.0/nginx-sticky-module.patch
# popd
rm -f conf/*.orig
%build
%if %{with_geoip}
export CFLAGS="-I%{geodir}/include"
export LDFLAGS="-L%{geodir}/lib"
%endif
%if %{with_geoip2}
export CFLAGS="$CFLAGS -I%{libmaxminddbdir}/include"
export LDFLAGS="$LDFLAGS -L%{libmaxminddbdir}/lib"
%endif
%if %{with_lua}
export LUA_LIB=%{luadir}/lib
export LUA_INC=%{luadir}/include
%endif
%if %{with_modsec}
export CFLAGS="$CFLAGS -I%{modsecuritydir}/include"
export LDFLAGS="$LDFLAGS -L%{modsecuritydir}/lib"
export MODSECURITY_INC="%{modsecuritydir}/include/"
export MODSECURITY_LIB="%{modsecuritydir}/lib/"
%endif
#--add-module=./nginx-upload-progress-module-0.9.2 \
./configure \
--prefix=%{prefix} \
--with-debug \
--with-openssl=./openssl-%{sslvers} \
--with-select_module \
--with-poll_module \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_xslt_module \
%if %{with_stream}
--with-stream \
--with-stream_ssl_module \
--with-stream_realip_module \
--with-stream_geoip_module=dynamic \
%endif
%if %{with_perl}
--with-http_perl_module=dynamic \
%endif
%if %{with_gd}
--with-http_image_filter_module=dynamic \
%endif
--with-http_sub_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--with-http_mp4_module \
--with-stream \
--add-module=./modsecurity-nginx-v%{modsecnginxvers} \
%if %{with_geoip}
--with-http_geoip_module \
%endif
%if %{with_geoip2}
--add-module=./ngx_http_geoip2_module \
%endif
--add-module=./nginx_upstream_check_module-master \
--add-module=./nginx-goodies-nginx-sticky-module-ng-08a395c66e42 \
%if %{with_lua}
--add-module=./lua-nginx-module-0.10.13 \
%endif
%if %{with_pgspeed}
--add-dynamic-module=./%{pgspeed_dir}/ \
%endif
--add-module=./headers-more-nginx-module-0.34 \
--add-module=./nginx-upload-progress-module-feature-nginx-v1.23 \
--add-module=./nginx-upstream-fair \
--add-module=./ngx_cache_purge-2.3 \
--add-module=./ngx_log_if \
--add-module=./nginx_accept_language_module \
%if %{with_ruby}
--add-module=%{_builddir}/passenger-%{gemvers}/src/nginx_module \
%endif
%if %{with_ajp}
--add-module=./nginx_ajp_module \
%endif
%if %{with_websockify}
--add-module=./websockify-nginx-module-0.0.3/ \
%endif
%if %{with_slowfs}
--add-module=./ngx_slowfs_cache-master \
%endif
--with-imap \
%if %{with_aio}
--with-file-aio \
%endif
--with-http_gunzip_module \
--with-md5=/usr \
--with-sha1=/usr \
--with-http_v2_module \
%if 0%{?suse_version} > 1000 || 0%{?fedora_version} > 4 || 0%{?mandriva_version} > 2006
--with-cc-opt="%{optflags} -fstack-protector"
%else
--with-cc-opt="%{optflags} -O0 -g"
%endif
# --add-module=./ngx_supervisord \
%{__make}
%install
export NO_BRP_CHECK_RPATH=true
make DESTDIR=$RPM_BUILD_ROOT install
%{__mkdir_p} %{buildroot}%{prefix}/bin
%{__mkdir_p} %{buildroot}%{prefix}/html
%{__mkdir_p} %{buildroot}%{prefix}/man/man8
%{__mkdir_p} %{buildroot}%{prefix}/modules
%{__install} -m 0755 contrib/geo2nginx.pl %{buildroot}%{prefix}/bin/
%{__install} -m 0644 man/nginx* %{buildroot}%{prefix}/man/man8/
%if %{with_ruby}
%if 0%{?suse_version} > 0 && 0%{?sles_version} <= 10
gem install --local --install-dir %{buildroot}/%{ruby_gemdir} --force %{SOURCE9}
%else
gem install --bindir %{buildroot}%{_bindir} --local --install-dir %{buildroot}/%{ruby_gemdir} --force %{SOURCE9}
%endif
%{__rm} -rf %{buildroot}%{ruby_gemdir}/{cache,gems/%{gemname}-%{version}/{debian,ext}}
%{__rm} -rf %{buildroot}%{ruby_gemdir}/doc
%endif
%if %{with_geoip}
%{__mkdir_p} %{buildroot}%{prefix}/share/GeoIP
gzip -cd %{SOURCE13} >%{buildroot}%{prefix}/share/GeoIP/GeoIP.dat
gzip -cd %{SOURCE18} >%{buildroot}%{prefix}/share/GeoIP/GeoIPv6.dat
%endif
%if %{with_geoip2}
%{__mkdir_p} %{buildroot}%{prefix}/share/GeoIP
gzip -cd %{SOURCE24} >%{buildroot}%{prefix}/share/GeoIP/GeoLite2-Country.mmdb
%endif
%if %{with_perl}
%{__mkdir_p} %{buildroot}%{prefix}/perl
%if 0%{?centos_version} < 900
%{__cp} -p `find %{buildroot}/usr -name nginx.so` %{buildroot}%{prefix}/perl/
%endif
%{__cp} -p `find %{buildroot}/usr -name nginx.pm` %{buildroot}%{prefix}/perl/
%{__mkdir_p} %{buildroot}%{prefix}/man/man3
%{__cp} -p `find %{buildroot}/usr -name nginx.3pm*` %{buildroot}%{prefix}/man/man3/
%{__rm} -rf %{buildroot}/usr
%endif
%{__install} -m 0755 %{SOURCE17} %{buildroot}%{prefix}/bin/set_nginx_1.26.latest-modsec.sh
find %{buildroot} -name "nginx.old" -o -name "*.sav" -o -name "*.bs" -o -name "*.keep" -o -name "*.gitkeep" -o -name "*.gitignore" |xargs -i rm -f {}
%post
/sbin/ldconfig 2>/dev/null
cd %{prefix}/..
%{prefix}/bin/set_nginx_1.26.latest-modsec.sh
%postun
/sbin/ldconfig 2>/dev/null
%clean
%{__rm} -rf %{buildroot}
%if %{with_ruby}
%files ruby
%defattr(-,root,root)
%if 0%{?suse_version} >= 1201
%{ruby_gemdir}/bin/passenger*
%else
%{_bindir}/passenger*
%endif
%{ruby_gemdir}/gems/%{gemname}-%{gemvers}
%{ruby_gemdir}/specifications/%{gemname}-%{gemvers}.gemspec
%endif
%files
%defattr(-,root,root)
%dir %{prefix}
%{prefix}/bin
%{prefix}/conf
%{prefix}/html
%{prefix}/man
%{prefix}/modules
%{prefix}/sbin
%{prefix}/logs
%if %{with_geoip}
%{prefix}/share
%endif
%if %{with_perl}
%{prefix}/perl
%endif
%changelog
* Mon Jun 10 2024 Dennis Hampe <dennis.hampe@bertelsmann.de>
- inital version
